Privacy Policy

Data protection information for website visitors, customers, suppliers, interested parties, applicants and ohter data subjects

In the following, we would like to inform you as a visitor to our website (see section 2), as a customer or interested party in our services (see section 3) or applicant (see section 4) about the processing of your personal data by us and about your rights under applicable data protection law.

1. Responsible body and contact details of the data protection officer

Responsible is

LUKAS Hydraulik GmbH
Weinstrasse 39
D-91058 Erlangen
Tel: +49 9131 698-0
E-Mail: lukas.info@idexcorp.com

(hereinafter referred to as "we" and/or "us")

You can contact our external data protection officer at

RISCREEN GmbH
Türltorstraße 4
D-85276 Pfaffenhofen
Tel: +49 8441 47706-10

2. Processing of personal data in connection with your use of our website

2.1 Data categories, purpose of processing and legal basis

As part of your use of the website, we process the following personal data:

  • Personal data that you voluntarily enter yourself as part of an online offer (such as requests to contact us), such as first and last name, e-mail address, telephone number, information provided as part of a support request, comments or forum posts, and
  • Information that is automatically sent to us by your web browsers or device, such as: Your IP address, device type, browser type, previously visited websites, subpages visited or date and times of the respective visitor request.

We process your personal data in order to enable the website to be displayed in your browser, to ensure the functionality of the website and to optimise the website.

The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR

  • to enable you to use the services and functions of the online offers,
  • to process your request,
  • to establish your identity and enable user authentication,
  • to enforce our Terms of Use, assert or defend against legal claims, and to defend against and prevent fraudulent and similar activities, including attacks on our IT infrastructure.

In some cases, we will ask for your explicit consent to the processing of your personal data. In this case, the legal basis for the processing of your personal data is the consent you have given in accordance with Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.

2.2 Cookies

We use cookies. These are data sets that are automatically created by your browser and stored on your device when you visit the website. They contain information about browsing history and user behavior.

Depending on their type and function, the use of cookies is either free of consent or requires consent. Consent is not required for cookies that are absolutely necessary for us to be able to provide you with our online services (so-called necessary cookies). Necessary cookies are absolutely necessary for the use of the website services, as they enable basic functions such as page navigation and access to secure areas of the website. As a rule, the website does not function properly without the setting of necessary cookies. Furthermore, necessary cookies are those that are used for IT security.

The legal basis for the storage and retrieval of such cookies is § 25 para. 2 no. 2 TTDSG. The legal basis for further data processing in these cases is Art. 6 (1) (f) GDPR (legitimate interests in the provision of the online offer or IT security).

On the other hand, cookies requiring consent (so-called non-necessary cookies) are used, for example, to collect statistics and/or create analyses in order to adapt the use of our offer individually to your preferences. You give your consent when you visit our online offer when you display our "cookie banner". By clicking a button, you can declare your consent to the use of cookies on this website.

In this respect, the legal basis for data processing is Section 25 (1) TTDSG and Article 6 (1) (a) of the GDPR in conjunction with Article 7 of the GDPR.

We use the following cookies:

2.2.1 Anonymous cookies

Session cookie of the CMS system

This website uses a so-called session ID cookie from our CMS system Joomla. This is set in order to store functions and/or settings that you need for your visit to the website (e.g. the language setting). This data will not be used for analytics purposes and will be deleted when your session expires or you log out of our website.

Consent Management Tool

This website uses the consent management tool CCM19. The tool enables you to give consent to data processing via the website, in particular the setting of cookies, as well as to make use of your right of revocation for consents that have already been given. The purpose of data processing is to obtain and document the necessary consents to data processing and thus to comply with legal obligations. Cookies may be used for this purpose. Among other things, the following information is collected and transmitted to CCM19: date and time of page access, consent status.

Shopware

This website uses elements of Shopware. Shopware uses various technically necessary cookies to make system-relevant functions executable, e.g. the correct display of page content.

2.2.3. Non-essential cookies

Google Analytics

This website uses functions of the web analysis service "Google Analytics". The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The cookies set by Google Analytics enable an analysis of your user behaviour on our website. This information is usually transmitted to a Google server in the USA and stored there.

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within the states of the European Union or other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information, please refer to Google's privacy policy at the following link: https://support.google.com/analytics/answer/6004245?hl=de.

The legal basis for the data processing operations described is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR and § 25 (1) TTDSG.

As stated above, Google also processes data in the USA, among other places. The legal basis for data processing in the USA is the European Commission's adequacy decision of 10 July 2023 as well as the EU Standard Contractual Clauses in their current version.

2.3. Processing on our social media channels

We place links on our website to the websites of social networks

to (i) draw attention to our services and products on our social media channels and (ii) to get in touch with you.

You can recognise the links on our website by the integrated logo of the respective social network. By clicking on the logo, a direct connection is established between your browser and the server of the respective service and you are redirected to the website of the service provider.

2.3.1. Data processing by us

We operate the social media presence to draw attention to our products, services and career opportunities and to communicate with users and to achieve improvements.

The processing of personal data is generally carried out on the basis of Art. 6 (1) (f) GDPR on the basis of our legitimate interests in public relations, communication and product improvement, unless otherwise specified.

We may view your posts and similar interactions on our social media presences as well as – depending on your privacy settings – your public profile. We may use this data to improve our information and products, especially on our social media presences.

If you contact us via our social media presences, we will process your personal data in order to process your request, in particular to answer enquiries. We may then respond to your request via the respective social media presence. In many cases, the legal basis for the processing of personal data is Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures) or, if this legal basis is not relevant, Art. 6 (1) (f) GDPR on the basis of the legitimate interests resulting from the aforementioned purposes.

In addition, we receive aggregated usage statistics from the platforms, which we use to evaluate usage behavior and to improve our information offering. The usage statistics may also be compiled on the basis of personal usage data by the platforms. Further information on this can be found in the data protection notices of the respective providers linked below.

Further information on Facebook and Instagram can be found at No. 2.3.3.

2.3.2. Processing by social media providers

We have no influence on the processing of your personal data when you visit the social media pages. The provider of the social network has control over the data processing in the context of the use of the respective service. This includes, for example, the storage and use of cookies on user devices as well as the analysis of your behaviour on the social network.

2.3.3. Additional information on Facebook and Instagram

When you visit our social media channels on Facebook and Instagram, the operator Meta collects in particular your IP address and other information transmitted by your browser and, if applicable, other information that is available on your PC in the form of cookies. This information is used to provide us, as the owner of the two social media channels, with statistical information about the use of the respective presences (insights).

Meta and we process the personal data as joint controllers within the meaning of Art. 26 GDPR and have concluded a corresponding joint controller agreement for this purpose. The essential information on the corresponding agreement pursuant to Art. 26 GDPR between us and Facebook can be found under https://www.facebook.com/legal/terms/page_controller_addendum.

You can find more information about data processing by Facebook in the context of Facebook Insights at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

The data collected about you in this context will be processed by Meta and, if necessary, transferred to countries outside the European Union, in particular to Meta Platforms Inc., based in the USA. We would like to point out that Facebook is responsible under data protection law for the corresponding transmission and subsequent processing operations. The specific data Meta receives and how it is used is described in the privacy policies of Facebook and Instagram (see Section 2.3.1).

The legal basis for the processing of personal data in this context is Art. 6 (1) (f) GDPR (legitimate interests in achieving the above-mentioned purposes) or, if consent has been obtained, Art. 6 (1) (a), Art. 7 GDPR (consent).

2.4. Contacting us by e-mail

If a user contacts us via the e-mail address provided on the website, the data entered in the e-mail will be transmitted to us and part of the data will be stored.

In this context, the data will not be passed on to third parties outside the company. The data will be used exclusively for the processing of correspondence.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR is a further legal basis for the processing.

The processing of the personal data from the input mask serves us to process the contact and to prevent the misuse of the contact form. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the respective correspondence with the user has ended and the matter in question has been conclusively clarified.

The user has the right to object to the processing of his or her personal data at any time. In such a case, the correspondence cannot be continued. Please send us your deletion request via e-mail to: lukas.info@idexcorp.com, Attn: LUKAS Marketing. In this case, all personal data stored in the course of contacting us will be deleted.

2.5. Integration of Open Street Map

As part of the dealer network search on our website, we integrate map material from OpenStreetMap. OpenStreetMap is a project of the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands B72 1JU, Great Britain, which collects freely usable geodata and keeps it in a database for free use.

When using the Merchant Network Search feature, a connection is established to the OpenStreetMap Foundation's servers and data is transmitted to the OpenStreetMap Foundation to display embedded maps. For more information on data protection in connection with OpenStreet Map, please refer to the privacy policy of the OpenStreetMap Foundation: https://osmfoundation.org/wiki/Privacy_Policy.

When you establish a connection to view the maps, the following data is transmitted to OpenStreetMap servers: IP address, browser and device used, operating system, website from which you were redirected to the OpenStreetMap Foundation website (referring web page) and date and time of your visit to the website.

The integration and associated data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in providing you with the dealer network search function.

You can prevent any data transfer to the servers of OpenStreetMap by disabling JavaScript in your browser. In this case, however, you will not be able to use the map display.

3. Processing of personal data of business partners

3.1 Description and scope of data processing

In the context of cooperation with business partners, the company processes personal data of contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter referred to as "business partners"). In particular, the following personal data will be processed:

  • Contact information, such as first and last name, work address, work phone number, work mobile phone number, work fax number, and work email address;
  • Payment data, such as information required to process payment transactions or prevent fraud, including credit card information and security codes;
  • further information, the processing of which is necessary in the context of a project or the execution of a contractual relationship and which is voluntarily provided by business partners, e.g. in the context of orders placed, enquiries or details of projects,
  • personal data collected from publicly available sources, information databases or credit reference agencies, and
  • insofar as legally required in the context of compliance screenings: date of birth, ID and ID numbers, information on relevant court proceedings or other legal disputes in which business partners are involved.

3.2 Purpose of data processing

Personal data will be processed for the following purposes:

  • Communication with business partners about products, services and projects, e.g. to process inquiries from the business partner or to provide technical information about products,
  • planning, executing and managing the contractual business relationship, for example to process the ordering of products and services, to collect payments, for accounting and billing purposes and to carry out deliveries, maintenance activities or repairs,
  • Conducting customer surveys, marketing campaigns, market analyses, sweepstakes, competitions, etc. Promotions and events,
  • Conducting customer satisfaction surveys and direct marketing,
  • Maintain and protect the security of our products and services and our websites, prevent and detect security risks, fraudulent activity, or other criminal or malicious activity;
  • Comply with (i) legal requirements (e.g. tax and commercial retention obligations), (ii) existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering), and (iii) guidelines and industry standards, and
  • Resolving disputes, enforcing existing contracts, and establishing, exercising and defending legal claims.

3.3 Legal basis

The processing of personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise at the time of collection of personal data, the legal basis for data processing is:

  • the execution and fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR,
  • the fulfilment of legal obligations to which the company is subject pursuant to Art. 6 (1) (c) GDPR, or
  • the protection of legitimate interests pursuant to Art. 6 (1) (f) GDPR. The legitimate interest lies in the initiation, implementation and processing of the business relationship.

If you have expressly given your consent to the processing of your personal data in individual cases, this consent is the legal basis for processing in accordance with Art. 6 (1) (a) GDPR.

3.4 Duration of storage

We process and store your personal data for as long as it is necessary for the fulfilment of our contractual obligations and the exercise of our rights. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted on a regular basis, unless its further processing – for a limited period – is necessary for the following purposes:

  • Fulfilment of retention obligations under commercial and tax law under the German Commercial Code (HGB), the German Fiscal Code (AO) and the Money Laundering Act (GwG). The retention and documentation periods specified there are usually two to ten years.
  • Preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

4. Processing of candidates' personal data

4.1 Data categories and purpose of data processing

As part of the application process, we generally process the following categories of personal data:

  • Contact and identity details, including name, marital status, gender, nationality, date of birth, residential address and contact details.
  • Your application documents and any information contained therein, including your CV, cover letter and certificates; other documents relating to your previous work experience, education or similar; and pictures.
  • Information about your employment history and work-related experience and skills, including date of hire, date and reason for termination, employment status, current salary amount, other supporting data submitted by applicants or employees, information obtained from reference checks, previous applications, evidence of your skills/qualifications, and relocation information.
  • Information relating to character and professional interests, including work-related and personal interests; knowledge or skills; and awards or memberships.
  • Other personal information you provide to us during the recruitment process, including our notes from interviews with you or others about you; and any correspondence you may have with us or a recruitment agency during the application process.
  • Information about your work permit status.
  • Sensitive data, in certain circumstances, including your racial or ethnic origin; trade union membership; religious beliefs; or information about your health, such as information about a disability, for which the company must make reasonable adjustments during the recruitment process

We may also receive the above information about you from other sources, including recruitment agencies, the references you provide, websites, and other publicly available information on the Internet. This includes, for example, personal data that you have published as part of an online profile. We may also receive information that you provide to us through third-party websites, such as LinkedIn.

Personal data that you provide to us as part of your application will be stored and used exclusively for the purpose of processing the application and, if applicable, for the performance of the subsequent employment relationship.

If your application has convinced us, but we are unable to consider you for a vacancy, we would be happy to store your documents in our talent pool. In this case, we will ask you for your consent in a separate email. Then you have the option of contacting you again if there are suitable job advertisements that match your profile.

If we would like to send your application documents to other companies in the group of companies, we will also ask for your consent. You are also welcome to give this consent in your application. In such a case, your personal data will be forwarded to the competent departments of other companies for the purpose of initiating the application process in the respective companies.

4.2 Legal basis for data processing

The processing of your personal data in the context of the application process is carried out on the basis of Art. 6 (1) (b) GDPR (establishment and execution of a contract).

The storage and processing of your data in the talent pool or the forwarding to other companies in the group of companies takes place on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

4.3 Disclosure of data

Your data will be made available to the responsible employees of the HR department and the responsible employees or supervisors of the specialist department(s) for the position for which you have applied. In the case of an unsolicited application, your documents will be made available to the responsible employees of the HR department and the responsible employees or supervisors of the relevant departments for whom your application might be of interest.

Due to our corporate structure, it may happen that there are several people responsible for your application; this can be seen from the application documents in individual cases. This transfer is protected by obligations set out in intra-group agreements that we have entered into between the various legal entities of the IDEX group of companies. International transfers within the IDEX group of companies are governed by standard contractual clauses approved by the EU Commission or, where applicable, on the basis of an adequacy decision.

In addition, we do not pass on your applicant data to affiliated subsidiaries or parent companies, unless your application also relates to these companies, is kept open for this purpose or you have given us explicit consent.

Furthermore, we use processors (e.g. IT service providers) for the application process. Your data will be passed on to them in strict compliance with the obligation of confidentiality and the requirements of the GDPR. The processors commissioned by us may only process the data for us and not for their own purposes. In these cases, the responsibility for data processing remains with us.

Data will also be passed on if we are obliged to do so on the basis of statutory provisions and/or official or court orders.

4.4 Transfer of personal data to third countries

Our company is part of the IDEX group of companies, where HR responsibilities can exist across national borders. For this reason, supervisors in other countries may also have access to your applicant data. This data processing is necessary for the decision on the establishment of an employment relationship. In addition, data will also be transferred to third countries if your data is included in the talent pool. This means that our foreign units affiliated with the Group also have access to your applicant data.

When data is transferred to an entity in a third country, appropriate safeguards for the protection of your personal data ensure that the level of data protection provided by the European Union is complied with.

4.5 Deletion periods for applicant data

If no employment relationship is established, the application documents will be deleted six months after rejection. The legal basis for the storage in this regard is Art. 6 (1) (f) GDPR. Our legal interest in this regard is the defence against any claims under the General Equal Treatment Act ("AGG"). In all other respects, the general deletion periods and notices under No. 3.4.

5. Recipients and Recipient Categories

Within our company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they maintain confidentiality and integrity. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, and sales and marketing.

With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. As a matter of principle, we may only pass on information about you if this is required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be:

  • public bodies and institutions (e.g. tax authorities, law enforcement authorities, family courts, land registry offices) in the event of a legal or official obligation,
  • credit and financial services institutions or comparable institutions to which we transmit personal data in the course of carrying out the business relationship (e.g. banks, credit agencies),
  • creditors or insolvency administrators who make an enforcement,
  • Auditor
  • Service providers that we use in the context of order processing relationships,
  • Commercial representative of the company.

In all other respects, the data transfers listed in the other sections apply.

6. Transfer to third countries

Data will be transferred to entities outside the European Union (so-called third countries) insofar as:

  • it is necessary for the execution of your orders (e.g. delivery orders),
  • it is required by law (e.g. tax reporting obligations) or
  • You have given us your consent.

In addition, a transfer to entities in third countries is provided for in the following cases:

  • If this is necessary in individual cases, your personal data may be transferred to an IT service provider in a third country in order to ensure the IT operation of the company in compliance with the European level of data protection.
  • Due to legal regulations to combat money laundering, terrorist financing and other criminal acts, as well as in the context of a balancing of interests, personal data (e.g. legitimation data) is transferred to third countries in individual cases in compliance with the data protection level of the European Union.

The use of our range of social media, analysis services, our applicant platform and the use of IT service providers may result in data transfers and subsequent processing of usage data of the respective services in the USA. In this context, please note that due to the adequacy decision, the level of data protection in the USA is generally comparable to that of the EU and the EEA. Data transfer, on the other hand, is only permitted if the recipient has been certified according to the EU-US Privacy Framework (DPF). These certifications are regularly checked by us so that data protection-compliant transmission is ensured.

In addition, as set out in the remaining sections, personal data may be transferred to third countries by the companies to which we share personal data.

7. Data integrity

For security reasons and to protect the transmission of confidential content, SSL or TLS encryption is implemented on our website. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

Our employees and the service providers commissioned by us are obliged to maintain confidentiality and comply with the provisions of the applicable data protection laws. The Company takes appropriate technical and organizational security measures to protect your personal data from loss, alteration, destruction and from access or disclosure by unauthorized persons. Our security measures are constantly being improved in line with technological developments.

8. Rights of data subjects

Every data subject has the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR.

With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can revoke your consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

You also have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. This includes, in particular, if the processing is necessary for the assertion, exercise or defence of legal claims.

In addition, you have the right not to be subject to fully automated decision-making in accordance with Art. 22 GDPR. As a matter of principle, we do not use fully automated decision-making to establish, execute and terminate the business relationship. If we use these procedures in individual cases (e.g. to improve our products and services), we will inform you separately about this and your rights in this regard, if required by law.

9. Obligation to provide data

As part of our business relationship, you must provide the personal contract data that is necessary for the establishment, execution and termination of a business relationship and for the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude, execute and terminate a contract with you.

The same applies to visits to our online services and the collection of usage data. Without the collection of usage data, we and our service providers will not be able to provide you with our online offering.

10. Up-to-dateness and changes to this Privacy Policy

This privacy policy is currently valid and has the status of October 2023.